Re: /sbin/reboot and secmodel

> I'm wondering if there's a way we can "encapsulate" the entire reboot
> process, such that a user can initiate it -- but not interfere with
> it.
sudo? Between the restrictions on a nonprivileged user meddling with
another user's process and reboot(8) ignoring tty-generated signals,
there isn't much the user can do once reboot gets far enough to ignore
signals. (It probably should ignore more signals, though; I'm not sure
SIGTTOU can't be abused to stop it partway.)
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse%rodents.montreal.qc.ca@localhost
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B